A valuable solution for Microsoft-Oriented Infrastructures
August 18, 2023
Score 8 out of 10
Vetted Review
Verified User
Overall Satisfaction with Microsoft Defender for Endpoint
Microsoft Defender for Endpoint is a versatile EDR that perfectly suits the needs of the average infrastructure. Our clients with Microsoft Defender for Endpoint take advantage of the perfect implementation with all the other Microsoft services, such as Office365 and Azure AD, creating a broad all-in-one environment that empowers the security analysts.
- Perfectly integrates with other Microsoft Services
- User management
- Mail management and analysis
- Case management
- The query system can be tricky at first
- It heavily relies on a Microsoft-oriented infrastructure
- Since the implementation of Microsoft Defender for Endpoint, the client's company, due to its user behaviour capability, exposed a lot of issues regarding the policy and security measures of its users, enforcing and hardening the whole infrastructure.
- For a Microsoft-oriented company this is one of the best choices available
- From a SoC point-of-view, Microsoft Defender for Endpoint is a great advantage during the analysis.
- Scalability
- Integration with Other Systems
- Ease of Use
Its natural integration with the whole Microsoft environment and the scalability provided by both on-premise and cloud environments has played an important role in the decision to get Microsoft Defender for Endpoint. In an infrastructure with a large number of endpoints and users and a complex Active Directory forest, this can be the best choice.
We use basically the whole package, integrating with both Office365 and Azure AD, managing cloud and on-premise endpoints with thousands of users. As a SoC Analyst, working with Microsoft Defender for Endpoint provides me with a great variety of tools and ways to investigate incidents and alerts along with my team and the client's IT.
Due to its scalability, it doesn't really matter how many endpoints are protected as long as there are no blind spots in the infrastructure. Always be mindful that this is an EDR that gives its best on endpoints, not on servers. I'd strongly suggest the integration with a SIEM and then again implementing another server-based solution and possibly an NDR.
Microsoft Defender for Endpoint is one of the best solutions when the goal is to protect the endpoints of a Windows-oriented infrastructure. The integrations with the Microsoft services and the unified platform that the analyst can use play a decisive role in the choice and among the other competitors.
Do you think Microsoft Defender for Endpoint delivers good value for the price?
Yes
Are you happy with Microsoft Defender for Endpoint's feature set?
Yes
Did Microsoft Defender for Endpoint live up to sales and marketing promises?
Yes
Did implementation of Microsoft Defender for Endpoint go as expected?
Yes
Would you buy Microsoft Defender for Endpoint again?
Yes